Re: Fraud and prevention

Solved

Fraud and prevention

Mr-Fragrance
Explorer
55 5 11

Hi All,

 

I have credit card fraudsters targeting my business. I have one chargeback submitted against my store, I know I will lose that case. I fear, another four or five possible chargebacks will happen in due course, I cannot continue to sustain such big losses. I'm also sick to death in worry, is another payment fraud. 

 

I have switched off Apple and Google Pay. I now want to turn off all credit cards. See attached CSV file, it keeps saying I need to add at least one payment method. I assume I need to turn Shopify payments off, then it will not ask for a selection. If I do this Shop Pay is also disabled. If the merchant turns off Shopify payments. Do we lose our visibility on the Shop app? I suspect we do. 

 

If a fraudster inputs credit card details into Shop Pay, it appears the merchant is not protected from chargebacks. Is that correct? 

 

Even with the Shop Pay payment a chargeback is possible. We lose money, pay a chargeback fee and also still have to pay the Shopify fee (Shopify still here paid). That's great we get shafted from all angles. The most comical thing I watched. A Shopify video, where the lady says, if fraud continues to happen they will remove Shopify payments. Thanks, you will do all merchants a favour. The moral of the story Shop Pay is crap. Turn on PayPal, at least you know most of those transactions are not fraud, in the event they were, the merchant is covered.

 

Let's see how many Shopify experts comment on this thread.

 

I cannot wait for October 2024, I will shut up shop and trade on eBay. 

Accepted Solutions (4)

dylanpierce
Shopify Partner
297 14 128

This is an accepted solution.

Hi @Mr-Fragrance 

First off, sorry that you've become a target for chargeback fraud.

Yes, it's true that with Shop Pay you're still at risk for chargebacks, except for orders that are insurable through Shopify Protect. But unfortunately Shopify Protect won't cover all orders, only ones that Shopify feels comfortable underwriting.

However, there are ways of protecting yourself against chargebacks.

First and foremost, disable Automatic Payment capture on your store. It only takes a few clicks and it is the best way to prevent credit card testing on your online store.

This will apply to all payment gateways you have enabled, so that way you can manually capture payments after you've verified the order and customer details.

Unfortunately I didn't see any more details about the types of chargebacks you're receiving. It sounds like perhaps you're worried about orders that have high risk according to the Shopify Fraud Analysis provided on each order.

If that's the case, then after you've set up manual payment capture you'll have some breathing room to take time to verify your customer's intent to purchase before fulfilling. There are multiple ways to verifying orders, you can call or email the customer and ask them to confirm their purchase, or ask for additional evidence of their identity.

If you're receiving fraudulent chargebacks, where the order most likely did *not* trigger Shopify Fraud Analysis alerts, but the customer is not acting in good faith and initiating a fake chargeback - then absolutely gather more evidence from your customer _before_ fulfillment.

Collecting additional evidence before fulfillment helps you in two ways:

1. Shows the customer that you're serious about fraudulent chargebacks

2. Gives you evidence to include in a dispute to reverse the chargeback

 

Types of evidence include:

* Screenshots from emails or text message exchanges

* Drivers license, utility bill or another form of ID to prove identity beyond the order shipping and billing details

 

This is a general answer, but perhaps you could share more about the order details and why you believe you have other orders that might result in chargebacks. Was it because they were above average order price?

 

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

View solution in original post

dylanpierce
Shopify Partner
297 14 128

This is an accepted solution.

Sure, so you can think of manual payments as the _option_ to charge the customers card. Whereas with automatic payments, the charge is applied immediately.

You can't receive a chargeback if there's no charge.

That's why manual payment capture is safer. The customer _authorizes_ you to charge the order amount to the customers charge, and you have the option to capture the full amount within a 30 day window. So if you confirm that the order is indeed fraudulent, then simply cancel the authorization or let it lapse. The credit card won't be charged and you cannot receive a chargeback.

 

> If I’m satisfied it's not fraud transaction and send the order next day, do I automatically get paid after two days? Or should I wait until I get paid before dispatching.

 

With manual payment capture, you receive the funds when you capture the charge in the Shopify order details. So the timing is up to you.

But I would in general follow this flow with risky orders:

1. Initiate customer verification (email the customer, text the customer, call the customer, ask for documentation)

2. Once you have verified the order, decide to fulfill or not

3. Capture payment

4. Fulfill

 

Then the payment will be part of your next Shopify payout.

 

> Also if I think the transaction is fraud within the two day period. Do I avoid the credit card fee?

If you don't capture payments, there are no credit card fees!

That's another advantage to using manual payments, you're only authorizing the charge not actually performing it.

 

> I must say people do not like being called, they get ever so suspicious!


You might have better luck with an email or SMS message if they've shared their phone number during checkout. It's easier for the customer to respond on their own time.

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

View solution in original post

dylanpierce
Shopify Partner
297 14 128

This is an accepted solution.

Happy to help @Mr-Fragrance!

Fraudsters usually go after the lowest hanging fruit so to speak. So now that you've implemented better controls around fraud, they might move onto the next target.

But if you need help setting up Shopify Flow automations to save time on this hold/release process, just let me know.

Best of luck to you!

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

View solution in original post

Mr-Fragrance
Explorer
55 5 11

This is an accepted solution.

@dylanpierce  I have learnt a lot since the fraud cases. The first three I'm pretty sure are all linked. It's just a shame a couple more happened a week or two later from different people, before the chargebacks.

When you load a card to Google or Apple Pay, you lose visibility of billing address check, it shows Nil opposed to Pass. I will from now, reach out to customers about any suspicious orders. I am wiser now, if in doubt can cancel.

 

Thank you!

View solution in original post

Replies 11 (11)

dylanpierce
Shopify Partner
297 14 128

This is an accepted solution.

Hi @Mr-Fragrance 

First off, sorry that you've become a target for chargeback fraud.

Yes, it's true that with Shop Pay you're still at risk for chargebacks, except for orders that are insurable through Shopify Protect. But unfortunately Shopify Protect won't cover all orders, only ones that Shopify feels comfortable underwriting.

However, there are ways of protecting yourself against chargebacks.

First and foremost, disable Automatic Payment capture on your store. It only takes a few clicks and it is the best way to prevent credit card testing on your online store.

This will apply to all payment gateways you have enabled, so that way you can manually capture payments after you've verified the order and customer details.

Unfortunately I didn't see any more details about the types of chargebacks you're receiving. It sounds like perhaps you're worried about orders that have high risk according to the Shopify Fraud Analysis provided on each order.

If that's the case, then after you've set up manual payment capture you'll have some breathing room to take time to verify your customer's intent to purchase before fulfilling. There are multiple ways to verifying orders, you can call or email the customer and ask them to confirm their purchase, or ask for additional evidence of their identity.

If you're receiving fraudulent chargebacks, where the order most likely did *not* trigger Shopify Fraud Analysis alerts, but the customer is not acting in good faith and initiating a fake chargeback - then absolutely gather more evidence from your customer _before_ fulfillment.

Collecting additional evidence before fulfillment helps you in two ways:

1. Shows the customer that you're serious about fraudulent chargebacks

2. Gives you evidence to include in a dispute to reverse the chargeback

 

Types of evidence include:

* Screenshots from emails or text message exchanges

* Drivers license, utility bill or another form of ID to prove identity beyond the order shipping and billing details

 

This is a general answer, but perhaps you could share more about the order details and why you believe you have other orders that might result in chargebacks. Was it because they were above average order price?

 

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

Mr-Fragrance
Explorer
55 5 11

Hi @dylanpierce 

 

Fraud has been an eye opener, maybe I have been naive.

 

The one transaction, it's definitely fraud, person has used someone else's credit card. The shipping and billing address are different. I spotted in the abandoned checkout, this same person tried to do another transaction, but failed with multiple cards. This transaction that was successful, had a chargeback submitted a day before the fraudster received the item. I have filed my defence, but I know will lose out.

 

The above transaction, a day later I had two more transactions from the same Post Code area. My gut feeling is saying and I'm most likely right, this second person has obtained a credit card using false ID etc. This person also tried to buy a third item the following day, with multiple credit cards but failed. I suspect two fraudsters are living in the same area and working together. I have rung both people but no answer.

 

I'm based in the UK and do not ship international. I have another four transactions that I'm not entirely comfortable with. Two transactions, I had on my store a couple of people used "World Debit Embossed MasterCard", the issuers are Starling and Monzo. Both transactions; had a Turkish landline telephone number. The first order happened before the first fraud incident; I fulfilled without thinking too much about it. After the first fraud incident, the second order came in last week (I think both unrelated), worth £300 (one item). I emailed the individual and requested he call me; he did within 30 mins. I told him his order had a Turkish landline, he said he was in Turkey on holiday and that is set on his Apple Pay, not entirely plausible. In hindsight, I should have asked for a utility bill or other form ID.

 

To counter fraud, I have done the following:

 

  • Switched on PayPal payment method
  • Ring people to confirm address details

I must say people do not like being called, they get ever so suspicious!

 

If I disable automatic payment, it allows me to do due diligence.

If I’m satisfied it's not fraud transaction and send the order next day, do I automatically get paid after two days? Or should I wait until I get paid before dispatching.

Also if I think the transaction is fraud within the two day period. Do I avoid the credit card fee?

 

Need a bit more detail on how this works.

 

Thank you!

dylanpierce
Shopify Partner
297 14 128

This is an accepted solution.

Sure, so you can think of manual payments as the _option_ to charge the customers card. Whereas with automatic payments, the charge is applied immediately.

You can't receive a chargeback if there's no charge.

That's why manual payment capture is safer. The customer _authorizes_ you to charge the order amount to the customers charge, and you have the option to capture the full amount within a 30 day window. So if you confirm that the order is indeed fraudulent, then simply cancel the authorization or let it lapse. The credit card won't be charged and you cannot receive a chargeback.

 

> If I’m satisfied it's not fraud transaction and send the order next day, do I automatically get paid after two days? Or should I wait until I get paid before dispatching.

 

With manual payment capture, you receive the funds when you capture the charge in the Shopify order details. So the timing is up to you.

But I would in general follow this flow with risky orders:

1. Initiate customer verification (email the customer, text the customer, call the customer, ask for documentation)

2. Once you have verified the order, decide to fulfill or not

3. Capture payment

4. Fulfill

 

Then the payment will be part of your next Shopify payout.

 

> Also if I think the transaction is fraud within the two day period. Do I avoid the credit card fee?

If you don't capture payments, there are no credit card fees!

That's another advantage to using manual payments, you're only authorizing the charge not actually performing it.

 

> I must say people do not like being called, they get ever so suspicious!


You might have better luck with an email or SMS message if they've shared their phone number during checkout. It's easier for the customer to respond on their own time.

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

Mr-Fragrance
Explorer
55 5 11

Hi @dylanpierce 

 

I really appreciate the advice.

 

I have now changed my capture payments to manual. This will allow me enough time to do due diligence on the customer. Also, no credit card fees for fraudlent payments is great too, plus they cannot test the cards on my store. I know my store has 3 definite fraud transactions. The first fraud transaction is just that, I will take the hit on. The other two transactions orders were placed by somone of the same gang, I think he has obtained a credit card using fake ID, I may not get a chargeback given bank should not have issued this perosn with a card. I will stop these fraudsters take my stock.

 

Thank you so much.

 

Regards

dylanpierce
Shopify Partner
297 14 128

This is an accepted solution.

Happy to help @Mr-Fragrance!

Fraudsters usually go after the lowest hanging fruit so to speak. So now that you've implemented better controls around fraud, they might move onto the next target.

But if you need help setting up Shopify Flow automations to save time on this hold/release process, just let me know.

Best of luck to you!

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

Mr-Fragrance
Explorer
55 5 11

@dylanpierce 

 

I really like the manual payments feature.

 

I was very naive, and have now learnt a lesson. However, my worst fear has become reality, I got hit with two more chargebacks.  In total that's 3 chargeback. I have I know I will lose these chargebacks,  they are fraud, people have used other peoples credit cards. Even though I learnt a lesson, I think i have two more fraud orders, that willl make it five chargebacks.

 

I'm looking for a free fraud app. Can you recommend?

 

Thanks

dylanpierce
Shopify Partner
297 14 128

I'm sorry to hear that, that is a very expensive lesson.

 

Shopify is optimizing the defaults for a store to have the most seamless experience for merchants to start receiving and fulfilling orders. The manual payment capture adds an extra step to this process, which is why it's not the default.

> I'm looking for a free fraud app. Can you recommend?

 

Shopify Fraud Analysis is already free and a part of every single order placed on your store.

It's not a perfect tool, and it can make mistakes.

But if credit card details don't match the shipping details, it could mean the order is risky. Following up with the customer by phone, email or SMS message is the best way to confirm their identity and intent.

Then if the customer doesn't respond or you can tell it's obvious fraud, then you can cancel the order risk free because you haven't captured payment yet.

I recommend doing this manually until you have a good understanding of good orders vs bad orders. When you're ready to automate verification and then payment capture, it's worth learning how to use Shopify Flow.

Shopify Flow is a free app that is a no-code workflow building tool. You can build workflows that hold fulfillment based on order risk, and even release orders for fulfillment after the customer is verified.

Founder of Real ID - Verify your customer's real IDs easily & securely with modern A.I.

Want to see it in action? Check out our demo store.

Mr-Fragrance
Explorer
55 5 11

This is an accepted solution.

@dylanpierce  I have learnt a lot since the fraud cases. The first three I'm pretty sure are all linked. It's just a shame a couple more happened a week or two later from different people, before the chargebacks.

When you load a card to Google or Apple Pay, you lose visibility of billing address check, it shows Nil opposed to Pass. I will from now, reach out to customers about any suspicious orders. I am wiser now, if in doubt can cancel.

 

Thank you!

HeisenNg
Visitor
1 0 0

We also got chargeback from this guy: La nice, 5421 11 St NE #109, C/O GHI226, Calgary Alberta T2E 6M4, Canada, +1 403-457-1888. His order was flagged as high risk, so we reached out to confirm all the details. Although we got the yes response, he still issued the chargeback in the end. It's disgusting.

Mr-Fragrance
Explorer
55 5 11

@HeisenNg I appreciate someone has done a chargeback. However, due to data protection got to be careful sharing details. 

 

Chargebacks are high, banks just listen to the person, then process. I doubt banks find anything in favour of the merchant, they just want a easy life, not the correct resolution. People are up to all sorts, some criminals do not care one bit. If Shopify are saying it's high risk, reveiw why, if in doubt, cancel. Do not worry about losing a sale, think of the chargeback.

 

On a weekly basis I see orders that can be suspect, people do not respond to my texts or pick the phone up. I just cancel the order after a couple of days. I do not know what you sell and volumes. I'm selling items that cost a lot of money and are worth a decent price. I have set my store to accept manual payments, I vet each order given the value.

 

I use Shopify fraud tool as a guide, it says some of my orders are low risk, but I know they are fraud.

 

Use manual payment acceptance, you will avoid credit charge fees!

If in doubt cancel the order to avoid the stress.

apps-developer
Shopify Partner
50 0 5

fraudulent orders can be avoided with anti bot apps like kedra shield if the order is from bot origin. App url: https://apps.shopify.com/kedra-shield-website-security it has this bot protection block which hides contents of website so bot is not able to access the store at all.